Skip to content

Instantly share code, notes, and snippets.

View sn4k3-meyer's full-sized avatar
💭
Cyber Security Analyst

Max Meyer sn4k3-meyer

💭
Cyber Security Analyst
3 followers · 1 following
View GitHub Profile
@sn4k3-meyer
sn4k3-meyer / test.html
Created May 24, 2022 05:55
test.html
<script>alert(1);</script>
@sn4k3-meyer
sn4k3-meyer / jquery-xss.html
Created March 19, 2021 10:58
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/open-fonts@1.1.1/fonts/inter.min.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@exampledev/new.css@1.1.2/new.min.css">
<script src=https://cure53.de/purify.js></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.js"></script>
<body>
<header><h1>Test Jquery Juntos pelas crianças</h1></header>
<main>
<fieldset>
<legend>Maximiliano Meyer</legend>
@sn4k3-meyer
sn4k3-meyer / test.js
Created February 9, 2021 22:33
alert(1);
@sn4k3-meyer
sn4k3-meyer / Mario.js
Created December 11, 2020 07:32
document.body.innerHTML=atob('PGlmcmFtZSBzcmM9Imh0dHBzOi8vamN3ODcuZ2l0aHViLmlvL2MyLXNtYjEvIiB3aWR0aD0iMTAwJSIgaGVpZ2h0PSI2MDAiPjwvaWZyYW1lPg==')
@sn4k3-meyer
sn4k3-meyer / intense-reverse-shell.sh
Created October 20, 2020 12:12
gain full access exploit
#!/bin/bash
#Enumerando informações locais de um alvo linux
# useful binaries (thanks to https://gtfobins.github.io/)
binarylist='aria2c\|arp\|ash\|awk\|base64\|bash\|busybox\|cat\|chmod\|chown\|cp\|csh\|curl\|cut\|dash\|date\|dd\|diff\|dmsetup\|docker\|ed\|emacs\|env\|expand\|expect\|file\|find\|flock\|fmt\|fold\|ftp\|gawk\|gdb\|gimp\|git\|grep\|head\|ht\|iftop\|ionice\|ip$\|irb\|jjs\|jq\|jrunscript\|ksh\|ld.so\|ldconfig\|less\|logsave\|lua\|make\|man\|mawk\|more\|mv\|mysql\|nano\|nawk\|nc\|netcat\|nice\|nl\|nmap\|node\|od\|openssl\|perl\|pg\|php\|pic\|pico\|python\|readelf\|rlwrap\|rpm\|rpmquery\|rsync\|ruby\|run-parts\|rvim\|scp\|script\|sed\|setarch\|sftp\|sh\|shuf\|socat\|sort\|sqlite3\|ssh$\|start-stop-daemon\|stdbuf\|strace\|systemctl\|tail\|tar\|taskset\|tclsh\|tee\|telnet\|tftp\|time\|timeout\|ul\|unexpand\|uniq\|unshare\|vi\|vim\|watch\|wget\|wish\|xargs\|xxd\|zip\|zsh'
system_info()
{
echo -e "Informações do sistema"
@sn4k3-meyer
sn4k3-meyer / OSINT Tools
Created October 20, 2020 12:10
OSINT Tools
Censys:
https://censys.io/
Shodan:
https://www.shodan.io/
Greynoise:
https://greynoise.io/
zoomeye:
@sn4k3-meyer
sn4k3-meyer / DNS and Cloudflare bypass tools
Last active October 20, 2020 12:32
Cloudflare-WAF-Bypass-Tools
Virtual hosts search:
https://pentest-tools.com/information-gathering/find-virtual-hosts
Descobertas de virtual hosts
https://github.com/jobertabma/virtual-host-discovery
bruteforce virtual hosts:
https://github.com/gwen001/vhost-brute
Cloudflare WAF bypass tool 1:
@sn4k3-meyer
sn4k3-meyer / Lista das minhas ferramentas de reconhecimento.
Created October 20, 2020 11:21
li incident tools and recon.
Reconhecimento de subdominios:
https://gist.github.com/Czerwinsk/57b3652b551590b346a548772686d18f
Checagem de dominios sobre HTTP ou HTTPS:
https://github.com/tomnomnom/httprobe
Checagem em achive, buscando por versoes antigas dos dominios:
https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Minha ferramenta para checagem dos outputs via grep, buscando padroes e parametros:
@sn4k3-meyer
sn4k3-meyer / greatest-grep.sh
Last active October 20, 2020 11:12
#!/bin/bash
aqua=$(tput setaf 14);
PS3='Please enter your choice: '
options=(${aqua}"aws-keys" "base64" "cors" "debug-pages" "firebase" "fw" "go-functions" "http-auth" "ip" "json-sec" "meg-headers" "php-curl" "php-errors" "php-serialized" "php-sinks" "php-sources" "s3-buckets" "sec" "servers" "strings" "takeovers" "upload-fields" "urls" "Clickjacking" "quit")
select opt in "${options[@]}"
do
case $opt in
"aws-keys")
grep --color=auto -HanrE "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}"
@sn4k3-meyer
sn4k3-meyer / subs-only.py
Last active October 20, 2020 11:17
#!/usr/bin/python3
#coding: utf-8
from spyse import spyse
import json
from pprint import pprint
#gere sua api-key em https://spyse.com/
API_KEY = ''